Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal software vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions before 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalate...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloudfoundry Uaa Release
5.5
CVSSv2
CVE-2018-15795
Pivotal CredHub Service Broker, versions before 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.
Pivotal Software Credhub Service Broker
5.5
CVSSv2
CVE-2018-15796
Cloud Foundry Bits Service Release, versions before 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.
Pivotal Software Bits Service
6.5
CVSSv2
CVE-2018-15762
Pivotal Operations Manager, versions 2.0.x before 2.0.24, versions 2.1.x before 2.1.15, versions 2.2.x before 2.2.7, and versions 2.3.x before 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a ne...
Pivotal Software Operations Manager
6.8
CVSSv2
CVE-2018-15758
Spring Security OAuth, versions 2.3 before 2.3.4, and 2.2 before 2.2.3, and 2.1 before 2.1.3, and 2.0 before 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the app...
Pivotal Software Spring Security Oauth
5
CVSSv2
CVE-2018-11082
Cloud Foundry UAA, all versions before 4.20.0 and Cloud Foundry UAA Release, all versions before 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
Pivotal Software Cloudfoundry Uaa Release
Pivotal Software Cloudfoundry Uaa
5
CVSSv2
CVE-2018-1264
Cloud Foundry Log Cache, versions before 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if ...
Pivotal Software Cloud Foundry Log Cache
4
CVSSv2
CVE-2018-15763
Pivotal Container Service, versions before 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentia...
Pivotal Software Pivotal Container Service
4
CVSSv2
CVE-2018-11081
Pivotal Operations Manager, versions 2.2.x before 2.2.1, 2.1.x before 2.1.11, 2.0.x before 2.0.16, and 1.11.x before 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to t...
Pivotal Software Operations Manager
4
CVSSv2
CVE-2018-1198
Pivotal Cloud Cache, versions before 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password.
Pivotal Software Pivotal Cloud Cache
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »